Bug 292319, Set trust for XForms events. r=doron+aaronr, a=mkaply, NPOTB

Olli.Pettay%helsinki.fi 2005-05-03 19:39:38 +00:00
Родитель af06e4842f
Коммит 92a6302273
14 изменённых файлов: 135 добавлений и 32 удалений


@ -109,9 +109,8 @@ nsXFormsActionElement::OnDestroyed() {
NS_IMETHODIMP NS_IMETHODIMP
nsXFormsActionElement::HandleEvent(nsIDOMEvent* aEvent) nsXFormsActionElement::HandleEvent(nsIDOMEvent* aEvent)
{ {
if (!aEvent) return nsXFormsUtils::EventHandlingAllowed(aEvent, mElement) ?
return NS_ERROR_INVALID_ARG; HandleAction(aEvent, nsnull) : NS_OK;
return HandleAction(aEvent, nsnull);
} }
PR_STATIC_CALLBACK(PLDHashOperator) DoDeferredActions(nsISupports * aModel, PR_STATIC_CALLBACK(PLDHashOperator) DoDeferredActions(nsISupports * aModel,
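Review bot: A null aEvent now returns NS_OK from nsXFormsActionElement::HandleEvent, where the removed lines returned NS_ERROR_INVALID_ARG, because the ternary folds the null case into the "not allowed" branch. Callers can no longer tell a bad argument or a refused event from a handled one, and the only remaining signal is the debug-only NS_WARN_IF_FALSE inside EventHandlingAllowed. If the argument error is worth keeping, put `NS_ENSURE_ARG(aEvent);` before the ternary. The same applies to nsXFormsActionModuleBase::HandleEvent and nsXFormsMessageElement::HandleEvent.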


@ -78,8 +78,7 @@ NS_IMETHODIMP nsXFormsActionModuleBase::OnDestroyed()
NS_IMETHODIMP NS_IMETHODIMP
nsXFormsActionModuleBase::HandleEvent(nsIDOMEvent* aEvent) nsXFormsActionModuleBase::HandleEvent(nsIDOMEvent* aEvent)
{ {
if (!aEvent) return nsXFormsUtils::EventHandlingAllowed(aEvent, mElement) ?
return NS_ERROR_INVALID_ARG; HandleAction(aEvent, nsnull) : NS_OK;
return HandleAction(aEvent, nsnull);
} }


@ -174,6 +174,8 @@ nsXFormsContextContainer::HandleDefault(nsIDOMEvent *aEvent,
if (!type.EqualsLiteral("focus")) if (!type.EqualsLiteral("focus"))
return nsXFormsControlStub::HandleDefault(aEvent, aHandled); return nsXFormsControlStub::HandleDefault(aEvent, aHandled);
if (!nsXFormsUtils::EventHandlingAllowed(aEvent, mElement))
return NS_OK;
/* /*
* Either we, or an element we contain, has gotten focus, so we need to set * Either we, or an element we contain, has gotten focus, so we need to set
* the repeat index. This is done through the \<repeat\> the * the repeat index. This is done through the \<repeat\> the


@ -66,15 +66,16 @@ nsXFormsHintHelpListener::HandleEvent(nsIDOMEvent* aEvent)
nsCOMPtr<nsIDOMEventTarget> target; nsCOMPtr<nsIDOMEventTarget> target;
aEvent->GetCurrentTarget(getter_AddRefs(target)); aEvent->GetCurrentTarget(getter_AddRefs(target));
nsCOMPtr<nsIDOMNode> targetNode(do_QueryInterface(target)); nsCOMPtr<nsIDOMNode> targetNode(do_QueryInterface(target));
if (nsXFormsUtils::EventHandlingAllowed(aEvent, targetNode)) {
nsCOMPtr<nsIDOMKeyEvent> keyEvent(do_QueryInterface(aEvent)); nsCOMPtr<nsIDOMKeyEvent> keyEvent(do_QueryInterface(aEvent));
if (keyEvent) { if (keyEvent) {
PRUint32 code = 0; PRUint32 code = 0;
keyEvent->GetKeyCode(&code); keyEvent->GetKeyCode(&code);
if (code == nsIDOMKeyEvent::DOM_VK_F1) if (code == nsIDOMKeyEvent::DOM_VK_F1)
nsXFormsUtils::DispatchEvent(targetNode, eEvent_Help); nsXFormsUtils::DispatchEvent(targetNode, eEvent_Help);
} else { } else {
nsXFormsUtils::DispatchEvent(targetNode, eEvent_Hint); nsXFormsUtils::DispatchEvent(targetNode, eEvent_Hint);
}
} }
return NS_OK; return NS_OK;
@ -284,7 +285,8 @@ nsXFormsControlStub::HandleDefault(nsIDOMEvent *aEvent,
{ {
NS_ENSURE_ARG(aHandled); NS_ENSURE_ARG(aHandled);
if (aEvent) { if (nsXFormsUtils::EventHandlingAllowed(aEvent, mElement)) {
// Check that we are the target of the event // Check that we are the target of the event
nsCOMPtr<nsIDOMEventTarget> target; nsCOMPtr<nsIDOMEventTarget> target;
aEvent->GetTarget(getter_AddRefs(target)); aEvent->GetTarget(getter_AddRefs(target));


@ -108,11 +108,9 @@ nsXFormsDispatchElement::HandleAction(nsIDOMEvent* aEvent,
docEvent->CreateEvent(NS_LITERAL_STRING("Events"), getter_AddRefs(event)); docEvent->CreateEvent(NS_LITERAL_STRING("Events"), getter_AddRefs(event));
event->InitEvent(name, bubbles, cancelable); event->InitEvent(name, bubbles, cancelable);
// XXX: What about uiEvent->SetTrusted(?), should these events be
// trusted or not?
nsCOMPtr<nsIDOMEventTarget> targetEl = do_QueryInterface(el); nsCOMPtr<nsIDOMEventTarget> targetEl = do_QueryInterface(el);
if (targetEl) { if (targetEl) {
nsXFormsUtils::SetEventTrusted(event, el);
PRBool defaultActionEnabled; PRBool defaultActionEnabled;
targetEl->DispatchEvent(event, &defaultActionEnabled); targetEl->DispatchEvent(event, &defaultActionEnabled);
} }
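Review bot: The result of `nsXFormsUtils::SetEventTrusted(event, el)` is dropped, so if its NS_ENSURE_STATE on the nsIPrivateDOMEvent fails the event is still dispatched, untrusted. In a chrome document that event would then be refused by the EventHandlingAllowed gates this commit adds, and nothing is reported to the caller. Consider `nsresult rv = nsXFormsUtils::SetEventTrusted(event, el); NS_ENSURE_SUCCESS(rv, rv);`, assuming HandleAction returns nsresult (its signature is outside the hunk). The calls in nsXFormsTriggerElement::HandleDefault and nsXFormsUtils::DispatchEvent discard the result the same way.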


@ -259,7 +259,10 @@ nsXFormsInputElement::HandleDefault(nsIDOMEvent *aEvent,
if (*aHandled || !mIncremental) { if (*aHandled || !mIncremental) {
return NS_OK; return NS_OK;
} }
if (!nsXFormsUtils::EventHandlingAllowed(aEvent, mElement))
return NS_OK;
nsAutoString type; nsAutoString type;
aEvent->GetType(type); aEvent->GetType(type);
@ -290,7 +293,8 @@ nsXFormsInputElement::Focus(nsIDOMEvent *aEvent)
NS_IMETHODIMP NS_IMETHODIMP
nsXFormsInputElement::Blur(nsIDOMEvent *aEvent) nsXFormsInputElement::Blur(nsIDOMEvent *aEvent)
{ {
return UpdateInstanceData(); return nsXFormsUtils::EventHandlingAllowed(aEvent, mElement) ?
UpdateInstanceData() : NS_OK;
} }
nsresult nsresult


@ -270,9 +270,8 @@ nsXFormsMessageElement::OnDestroyed()
NS_IMETHODIMP NS_IMETHODIMP
nsXFormsMessageElement::HandleEvent(nsIDOMEvent* aEvent) nsXFormsMessageElement::HandleEvent(nsIDOMEvent* aEvent)
{ {
if (!aEvent) return nsXFormsUtils::EventHandlingAllowed(aEvent, mElement) ?
return NS_ERROR_INVALID_ARG; HandleAction(aEvent, nsnull) : NS_OK;
return HandleAction(aEvent, nsnull);
} }
void void


@ -358,6 +358,9 @@ nsXFormsModelElement::DoneAddingChildren()
NS_IMETHODIMP NS_IMETHODIMP
nsXFormsModelElement::HandleDefault(nsIDOMEvent *aEvent, PRBool *aHandled) nsXFormsModelElement::HandleDefault(nsIDOMEvent *aEvent, PRBool *aHandled)
{ {
if (!nsXFormsUtils::EventHandlingAllowed(aEvent, mElement))
return NS_OK;
*aHandled = PR_TRUE; *aHandled = PR_TRUE;
nsAutoString type; nsAutoString type;
@ -734,6 +737,9 @@ nsXFormsModelElement::OnError(nsresult aStatus,
NS_IMETHODIMP NS_IMETHODIMP
nsXFormsModelElement::HandleEvent(nsIDOMEvent* aEvent) nsXFormsModelElement::HandleEvent(nsIDOMEvent* aEvent)
{ {
if (!nsXFormsUtils::EventHandlingAllowed(aEvent, mElement))
return NS_OK;
nsAutoString type; nsAutoString type;
aEvent->GetType(type); aEvent->GetType(type);
if (!type.EqualsLiteral("DOMContentLoaded")) if (!type.EqualsLiteral("DOMContentLoaded"))
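Review bot: On the refused path nsXFormsModelElement::HandleDefault returns before `*aHandled = PR_TRUE;`, so *aHandled keeps whatever value the caller passed in. Whether callers initialise it is not visible here. Writing it explicitly would make the refusal unambiguous, e.g. `*aHandled = PR_FALSE;` before `return NS_OK;`, if "not handled" is the intended outcome for a refused event. nsXFormsSubmissionElement::HandleDefault returns early in the same way, and neither function checks aHandled for null the way nsXFormsControlStub::HandleDefault does with `NS_ENSURE_ARG(aHandled);`.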


@ -349,6 +349,9 @@ nsXFormsSelectElement::TryFocus(PRBool* aOK)
NS_IMETHODIMP NS_IMETHODIMP
nsXFormsSelectElement::HandleEvent(nsIDOMEvent *aEvent) nsXFormsSelectElement::HandleEvent(nsIDOMEvent *aEvent)
{ {
if (!nsXFormsUtils::EventHandlingAllowed(aEvent, mElement))
return NS_OK;
nsAutoString type; nsAutoString type;
aEvent->GetType(type); aEvent->GetType(type);


@ -283,6 +283,9 @@ nsXFormsSubmissionElement::OnDestroyed()
NS_IMETHODIMP NS_IMETHODIMP
nsXFormsSubmissionElement::HandleDefault(nsIDOMEvent *aEvent, PRBool *aHandled) nsXFormsSubmissionElement::HandleDefault(nsIDOMEvent *aEvent, PRBool *aHandled)
{ {
if (!nsXFormsUtils::EventHandlingAllowed(aEvent, mElement))
return NS_OK;
nsAutoString type; nsAutoString type;
aEvent->GetType(type); aEvent->GetType(type);
if (type.EqualsLiteral("xforms-submit")) { if (type.EqualsLiteral("xforms-submit")) {


@ -242,6 +242,9 @@ nsXFormsTriggerElement::HandleDefault(nsIDOMEvent *aEvent, PRBool *aHandled)
return NS_OK; return NS_OK;
} }
if (!nsXFormsUtils::EventHandlingAllowed(aEvent, mElement))
return NS_OK;
nsAutoString type; nsAutoString type;
aEvent->GetType(type); aEvent->GetType(type);
@ -276,8 +279,7 @@ nsXFormsTriggerElement::HandleDefault(nsIDOMEvent *aEvent, PRBool *aHandled)
aView, aView,
1); // Simple click 1); // Simple click
// XXX: What about uiEvent->SetTrusted(?), should these events be nsXFormsUtils::SetEventTrusted(uiEvent, mElement);
// trusted or not?
PRBool cancelled; PRBool cancelled;
return target->DispatchEvent(uiEvent, &cancelled); return target->DispatchEvent(uiEvent, &cancelled);
@ -328,6 +330,9 @@ nsXFormsSubmitElement::HandleDefault(nsIDOMEvent *aEvent, PRBool *aHandled)
return NS_OK; return NS_OK;
} }
if (!nsXFormsUtils::EventHandlingAllowed(aEvent, mElement))
return NS_OK;
nsAutoString type; nsAutoString type;
aEvent->GetType(type); aEvent->GetType(type);
if (!(*aHandled = type.EqualsLiteral("DOMActivate"))) if (!(*aHandled = type.EqualsLiteral("DOMActivate")))


@ -211,7 +211,8 @@ nsXFormsUploadElement::Focus(nsIDOMEvent *aEvent)
NS_IMETHODIMP NS_IMETHODIMP
nsXFormsUploadElement::Blur(nsIDOMEvent *aEvent) nsXFormsUploadElement::Blur(nsIDOMEvent *aEvent)
{ {
if (!mInput || !mBoundNode || !mModel) if (!mInput || !mBoundNode || !mModel ||
!nsXFormsUtils::EventHandlingAllowed(aEvent, mElement))
return NS_OK; return NS_OK;
nsAutoString value; nsAutoString value;


@ -80,6 +80,9 @@
#include "nsIDOM3Node.h" #include "nsIDOM3Node.h"
#include "nsIConsoleService.h" #include "nsIConsoleService.h"
#include "nsIStringBundle.h" #include "nsIStringBundle.h"
#include "nsIDOMNSEvent.h"
#include "nsIURI.h"
#include "nsIPrivateDOMEvent.h"
#define CANCELABLE 0x01 #define CANCELABLE 0x01
#define BUBBLES 0x02 #define BUBBLES 0x02
@ -719,17 +722,75 @@ nsXFormsUtils::DispatchEvent(nsIDOMNode* aTarget, nsXFormsEvent aEvent)
const EventData *data = &sXFormsEventsEntries[aEvent]; const EventData *data = &sXFormsEventsEntries[aEvent];
event->InitEvent(NS_ConvertUTF8toUTF16(data->name), event->InitEvent(NS_ConvertUTF8toUTF16(data->name),
data->canBubble, data->canCancel); data->canBubble, data->canCancel);
// XXX: What about event->SetTrusted(?) here? Should all these
// events be trusted? Right now they're never trusted.
nsCOMPtr<nsIDOMEventTarget> target = do_QueryInterface(aTarget); nsCOMPtr<nsIDOMEventTarget> target = do_QueryInterface(aTarget);
NS_ENSURE_STATE(target); NS_ENSURE_STATE(target);
SetEventTrusted(event, aTarget);
PRBool defaultActionEnabled; PRBool defaultActionEnabled;
return target->DispatchEvent(event, &defaultActionEnabled); return target->DispatchEvent(event, &defaultActionEnabled);
} }
/* static */ nsresult
nsXFormsUtils::SetEventTrusted(nsIDOMEvent* aEvent, nsIDOMNode* aRelatedNode)
{
nsCOMPtr<nsIDOMNSEvent> event(do_QueryInterface(aEvent));
if (event) {
PRBool isTrusted = PR_FALSE;
event->GetIsTrusted(&isTrusted);
if (!isTrusted && aRelatedNode) {
nsCOMPtr<nsIDOMDocument> domDoc;
aRelatedNode->GetOwnerDocument(getter_AddRefs(domDoc));
nsCOMPtr<nsIDocument> doc(do_QueryInterface(domDoc));
if (doc) {
nsIURI* uri = doc->GetDocumentURI();
if (uri) {
PRBool isChrome = PR_FALSE;
uri->SchemeIs("chrome", &isChrome);
if (isChrome) {
nsCOMPtr<nsIPrivateDOMEvent> privateEvent(do_QueryInterface(aEvent));
NS_ENSURE_STATE(privateEvent);
privateEvent->SetTrusted(PR_TRUE);
}
}
}
}
}
return NS_OK;
}
/* static */ PRBool
nsXFormsUtils::EventHandlingAllowed(nsIDOMEvent* aEvent, nsIDOMNode* aTarget)
{
PRBool allow = PR_FALSE;
if (aEvent && aTarget) {
nsCOMPtr<nsIDOMNSEvent> related(do_QueryInterface(aEvent));
if (related) {
PRBool isTrusted = PR_FALSE;
if (NS_SUCCEEDED(related->GetIsTrusted(&isTrusted))) {
if (isTrusted) {
allow = PR_TRUE;
} else {
nsCOMPtr<nsIDOMDocument> domDoc;
aTarget->GetOwnerDocument(getter_AddRefs(domDoc));
nsCOMPtr<nsIDocument> doc(do_QueryInterface(domDoc));
if (doc) {
nsIURI* uri = doc->GetDocumentURI();
if (uri) {
PRBool isChrome = PR_FALSE;
uri->SchemeIs("chrome", &isChrome);
allow = !isChrome;
}
}
}
}
}
}
NS_WARN_IF_FALSE(allow, "Event handling not allowed!");
return allow;
}
/* static */ PRBool /* static */ PRBool
nsXFormsUtils::IsXFormsEvent(const nsAString& aEvent, nsXFormsUtils::IsXFormsEvent(const nsAString& aEvent,
PRBool& aCancelable, PRBool& aCancelable,
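Review bot: SetEventTrusted and EventHandlingAllowed each decide "is this node in chrome" with their own copy of the GetOwnerDocument / GetDocumentURI / SchemeIs("chrome") chain, so the two can drift apart the next time the rule changes. A single file-local helper that also reports whether the answer could be determined keeps them in step and preserves the current fail-closed results (no document or no URI means not trusted and not allowed). The URI scheme is also only a proxy for privilege; if the document's principal is reachable here it would be the more direct test, and the helper is the one place to make that change. IsXFormsEvent begins at the end of this section and is not part of the suggestion.

```cpp
// Proposed helper (name is a suggestion). Returns PR_FALSE when the owner
// document or its URI cannot be obtained, so both callers stay fail-closed.
static PRBool
GetIsInChromeDocument(nsIDOMNode* aNode, PRBool* aIsChrome)
{
  *aIsChrome = PR_FALSE;
  if (!aNode)
    return PR_FALSE;
  nsCOMPtr<nsIDOMDocument> domDoc;
  aNode->GetOwnerDocument(getter_AddRefs(domDoc));
  nsCOMPtr<nsIDocument> doc(do_QueryInterface(domDoc));
  nsIURI* uri = doc ? doc->GetDocumentURI() : nsnull;
  if (!uri)
    return PR_FALSE;
  uri->SchemeIs("chrome", aIsChrome);
  return PR_TRUE;
}

// In SetEventTrusted, replacing the nested document/URI checks:
    PRBool isChrome;
    if (!isTrusted && GetIsInChromeDocument(aRelatedNode, &isChrome) && isChrome) {
      // … unchanged: QI to nsIPrivateDOMEvent, NS_ENSURE_STATE, SetTrusted(PR_TRUE) …
    }

// In EventHandlingAllowed, replacing the if (isTrusted) / else pair:
        PRBool isChrome;
        allow = isTrusted ||
                (GetIsInChromeDocument(aTarget, &isChrome) && !isChrome);
```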


@ -54,6 +54,7 @@ class nsIXFormsModelElement;
class nsIURI; class nsIURI;
class nsString; class nsString;
class nsIMutableArray; class nsIMutableArray;
class nsIDOMEvent;
#define NS_NAMESPACE_XFORMS "http://www.w3.org/2002/xforms" #define NS_NAMESPACE_XFORMS "http://www.w3.org/2002/xforms"
#define NS_NAMESPACE_XHTML "http://www.w3.org/1999/xhtml" #define NS_NAMESPACE_XHTML "http://www.w3.org/1999/xhtml"
@ -257,7 +258,27 @@ public:
*/ */
static NS_HIDDEN_(nsresult) static NS_HIDDEN_(nsresult)
DispatchEvent(nsIDOMNode* aTarget, nsXFormsEvent aEvent); DispatchEvent(nsIDOMNode* aTarget, nsXFormsEvent aEvent);
/**
* Sets aEvent trusted if aRelatedNode is in chrome.
* When dispatching events in chrome, they should be set trusted
* because by default event listeners in chrome handle only trusted
* events.
* Should be called before any event dispatching in XForms.
*/
static NS_HIDDEN_(nsresult)
SetEventTrusted(nsIDOMEvent* aEvent, nsIDOMNode* aRelatedNode);
/**
* Returns PR_TRUE unless aTarget is in chrome and aEvent is not trusted.
* This should be used always before handling events. Otherwise if XForms
* is used in chrome, it may try to handle events that can be synthesized
* by untrusted content. I.e. content documents may create events using
* document.createEvent() and then fire them using target.dispatchEvent();
*/
static NS_HIDDEN_(PRBool)
EventHandlingAllowed(nsIDOMEvent* aEvent, nsIDOMNode* aTarget);
/** /**
* Returns PR_TRUE, if aEvent is an XForms event, and sets the values * Returns PR_TRUE, if aEvent is an XForms event, and sets the values
* of aCancelable and aBubbles parameters according to the event type. * of aCancelable and aBubbles parameters according to the event type.